Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 1051  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 814  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 396  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
 294  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
 125  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23   libmspack-0.6-0.1.alpha.el7
  63  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece   nagios-4.3.4-5.el7
  26  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b   monit-5.25.1-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-28611aa33f   python-bottle-0.12.13-1.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-885bb5ec89   poco-1.6.1-3.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65   rootsh-1.5.3-17.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767   wordpress-4.9.2-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1   clamav-0.99.2-18.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    GraphicsMagick-1.3.28-1.el7
    distribution-gpg-keys-1.18-1.el7
    fedfind-4.0.0-1.el7
    freeciv-2.5.10-1.el7
    freshmaker-0.0.10-1.el7
    knot-2.6.4-1.el7
    mock-core-configs-28.2-1.el7
    module-build-service-1.6.3-1.el7
    modulemd-1.3.3-1.el7
    moodle-3.1.10-1.el7
    mozilla-https-everywhere-2018.1.11-1.el7
    python-fdb-1.8-1.el7
    python3-docker-2.6.1-1.el7
    radcli-1.2.9-1.el7
    standard-test-roles-2.6-2.el7
    transmission-2.92-12.el7

Details about builds:


================================================================================
 GraphicsMagick-1.3.28-1.el7 (FEDORA-EPEL-2018-ce6223e559)
 An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:

Latest stable release, includes many bug and security fixes.  See also
http://www.graphicsmagick.org/NEWS.html#january-20-2017
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1473729 - CVE-2017-11102 GraphicsMagick: Input validation failure in ReadOneJNGImage function may cause denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473729
  [ 2 ] Bug #1473741 - CVE-2017-11139 GraphicsMagick: double free vulnerabilities in the [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473741
  [ 3 ] Bug #1473752 - CVE-2017-11140 GraphicsMagick: Resource exhaustion denial of service in ReadJPEGImage function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1473752
  [ 4 ] Bug #1475454 - CVE-2017-11637 GraphicsMagick: NULL pointer dereference in WritePCLImage() in coders/pcl.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475454
  [ 5 ] Bug #1475458 - CVE-2017-11636 GraphicsMagick: Heap based buffer over-write in WriteRGBImage in coders/rgb.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475458
  [ 6 ] Bug #1475490 - CVE-2017-11641 GraphicsMagick: Memory Leak in the PersistCache in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475490
  [ 7 ] Bug #1475498 - CVE-2017-11643 GraphicsMagick: Heap based over-write in WriteCMYKImagefunction in coders/cmyk.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1475498
  [ 8 ] Bug #1484483 - CVE-2017-13147 GraphicsMagick: Allocation failure in ReadMNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1484483
  [ 9 ] Bug #1512038 - CVE-2017-16669 GraphicsMagick: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512038
  [ 10 ] Bug #1512049 - CVE-2017-16353 GraphicsMagick: ImageMagick, GraphicsMagick: memory information disclosure in DescribeImage function in magick/describe.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1512049
  [ 11 ] Bug #1528037 - CVE-2017-17782 GraphicsMagick: heap-based buffer over-read in ReadOneJNGImage function in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528037
  [ 12 ] Bug #1528051 - CVE-2017-17783 GraphicsMagick: heap based buffer over-read in ReadPALMImage in coders/palm.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1528051
  [ 13 ] Bug #1529535 - CVE-2017-17915 GraphicsMagick: Memory leak in the function ReadMNGImage in coders/png.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529535
  [ 14 ] Bug #1529557 - CVE-2017-17913 GraphicsMagick: stack-based buffer over-read in WriteWEBPImage in coders/webp.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529557
  [ 15 ] Bug #1529580 - CVE-2017-17912 GraphicsMagick:  GraphicsMagick: heap-based buffer over-read in ReadNewsProfile in coders/tiff.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529580
  [ 16 ] Bug #1536951 - GraphicsMagick: 2018-5685 GraphicsMagick: Infinite loop and application hang in coders/bmp.c:ReadBMPImage [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1536951
--------------------------------------------------------------------------------


================================================================================
 distribution-gpg-keys-1.18-1.el7 (FEDORA-EPEL-2018-5d1486ae23)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:

- updated Copr keys - add UnitedRPMs - add remi 2018 key
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1536804 - distribution-gpg-keys-1.18-1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1536804
--------------------------------------------------------------------------------


================================================================================
 fedfind-4.0.0-1.el7 (FEDORA-EPEL-2018-a292395242)
 Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:

This update provides a new major release of fedfind. It is going out to stable
releases as fedfind is used quite extensively in Fedora QA infrastructure, and
we prefer to keep all those deployments on the latest code. The new release also
provides some significant enhancements in correctness checking that will be
useful in these cases.  See [the upstream changelog](https://pagure.io/fedora-
qa/fedfind/blob/5713f806517a358a5761aaaff9cfd276f8aeb862/f/CHANGELOG.md) for
more details on the specific changes in this release. Most uses of fedfind (both
CLI and as a Python library) should continue to work unchanged, or with only
minimal changes (mainly because `get_release` can raise some different
exceptions now).
--------------------------------------------------------------------------------


================================================================================
 freeciv-2.5.10-1.el7 (FEDORA-EPEL-2018-9092e4f094)
 A multi-player strategy game
--------------------------------------------------------------------------------
Update Information:

2.5.10
--------------------------------------------------------------------------------


================================================================================
 freshmaker-0.0.10-1.el7 (FEDORA-EPEL-2018-688fb40278)
 Freshmaker is a service scheduling rebuilds of artifacts as new content becomes available.
--------------------------------------------------------------------------------
Update Information:

New version 0.0.10.
--------------------------------------------------------------------------------


================================================================================
 knot-2.6.4-1.el7 (FEDORA-EPEL-2018-d0d50ca69d)
 High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:

Knot DNS 2.6.4 (2018-01-02) ===========================  Features: ----------  -
Module synthrecord allows multiple 'network' specification  - New CSK handling
support in keymgr  Improvements: -------------  - Allowed configuration for
infinite zsk lifetime  - Increased performance and security of the module
synthrecord  - Signing changeset is stored into journal even if 'zonefile-load'
is whole  Bugfixes: ---------  - Unintentional zone re-sign during reload if
empty NSEC3 salt  - Inconsistent zone names in journald structured logs  -
Malformed outgoing transfer for big zone with TSIG  - Some minor DNSSEC-related
issues  Knot DNS 2.6.3 (2017-11-24) ===========================  Bugfixes:
---------  - Wrong detection of signing scheme rollover  Knot DNS 2.6.2
(2017-11-23) ===========================  Features: ---------  - CSK algorithm
rollover and (KSK, ZSK) <-> CSK rollover support  Improvements: -------------  -
Allowed explicit configuration for infinite ksk lifetime  - Proper error
messages instead of unclear error codes in server log  - Better support for old
compilers  Bugfixes: ---------  - Unexpected reply for DS query with an owner
below a delegation point  - Old dependencies in the pkg-config file
--------------------------------------------------------------------------------


================================================================================
 mock-core-configs-28.2-1.el7 (FEDORA-EPEL-2018-d64efdfb20)
 Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:

- add fedora 28 configs - remove failovermethod=priority for repos which use dnf
- remove fedora 24 configs - set skip_if_unavailable=False for all repos
--------------------------------------------------------------------------------


================================================================================
 module-build-service-1.6.3-1.el7 (FEDORA-EPEL-2018-e4e74e197f)
 The Module Build Service for Modularity
--------------------------------------------------------------------------------
Update Information:

 Changes -------  * Fix a bug that caused a module build to fail when it was
cancelled during the module-build-macros phase and then resumed * Reset the
"state_reason" field on all components after a module build is resumed * Cancel
new repo tasks on module build failures in Koji * Use available Koji repos
during local builds instead of building them locally * Add an incrementing
prefix to module components' releases * Add a "context" field on component and
module releases in Koji for uniqueness for when Module Stream Expansion is
implemented * Remove urlgrabber as a dependency * Set an explicit log level on
our per-build file handler * Set the timeout on git operations to 60 seconds to
help alleviate client tooling timeouts * Improve the efficiency of the stale
module builds poller * Fix situations where module-build-macros builds in Koji
but fails in MBS and the build is resumed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1487065 - module-build-service-1.3.26-3.fc26: local build always disables tests
        https://bugzilla.redhat.com/show_bug.cgi?id=1487065
  [ 2 ] Bug #1514631 - module-build-service-1.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1514631
--------------------------------------------------------------------------------


================================================================================
 modulemd-1.3.3-1.el7 (FEDORA-EPEL-2018-701ce7a3d5)
 Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------


================================================================================
 moodle-3.1.10-1.el7 (FEDORA-EPEL-2018-9eb18da891)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

CVE-2018-1042/CVE-2018-1043/CVE-2018-1044/CVE-2018-1045 fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1537469 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1537469
  [ 2 ] Bug #1537470 - CVE-2018-1042 CVE-2018-1043 CVE-2018-1044 CVE-2018-1045 moodle: Four security issues fixed in the latest release [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1537470
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-2018.1.11-1.el7 (FEDORA-EPEL-2018-c9726806a3)
 HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

* More ruleset updates
--------------------------------------------------------------------------------


================================================================================
 python-fdb-1.8-1.el7 (FEDORA-EPEL-2018-e752d34c99)
 Firebird RDBMS bindings for Python
--------------------------------------------------------------------------------
Update Information:

New upstream 1.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1525032 - '403 SSL is required' while trying to download Source0 with spectool
        https://bugzilla.redhat.com/show_bug.cgi?id=1525032
--------------------------------------------------------------------------------


================================================================================
 python3-docker-2.6.1-1.el7 (FEDORA-EPEL-2018-b5d2d52b39)
 A Python library for the Docker Engine API
--------------------------------------------------------------------------------
Update Information:

- Initial EPEL7 package
--------------------------------------------------------------------------------


================================================================================
 radcli-1.2.9-1.el7 (FEDORA-EPEL-2018-4a215d352d)
 RADIUS protocol client library
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1266675 - radcli-1.2.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1266675
--------------------------------------------------------------------------------


================================================================================
 standard-test-roles-2.6-2.el7 (FEDORA-EPEL-2018-fa163f5366)
 Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:

Build with the latest merged PRs.
--------------------------------------------------------------------------------


================================================================================
 transmission-2.92-12.el7 (FEDORA-EPEL-2018-c0d5d190b0)
 A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:

CVE patch fix.  ----  Security fix for CVE-2018-5702 (Mitigate dns rebinding
attacks against daemon)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1534061 - CVE-2018-5702 transmission: Remote code execution (RCE) in rpc session-id via dns rebinding attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1534061
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux